CCIB ICS Threat Vulnerability Attack Surface Management

  • Job category
    Banking and Finance, Information Technology, Risk Management
  • Job level
    Senior Management
  • Contract type
    Permanent, Full Time
  • Location
  • Salary
    S$22000 - S$34000

Job Description

About Standard Chartered

We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.

To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and Never settle - as well as our brand promise, Here for good.

We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.

Make an impact every day with Trust, Data and Resilience (TDR)

Our TDR team sits within the Group Operations function and is responsible for mission-critical areas including cyber, information, data, privacy and resilience. These are challenges that impact our clients globally. Our TDR team develops the platforms, drives the processes and builds partnerships to benefit millions of people every day. They thrive in providing solutions to complex issues, devote time and energy to designing new and innovative solutions, and all in an environment that demands being risk-aware, not risk-averse. TDR chooses progress over perfection and aims to always participate with a constructive purpose. The team makes an impact wherever they are based, be it in our offices around the world, our Global Business Solution centres in China, India, Malaysia and Poland, or even from our home.

Now you have an opportunity to make a meaningful impact with a diverse and passionate team of creators, innovators and achievers. With us, you’ll learn, be inspired, and make an impact every day. The success of our work hinges on how we use the unique diversity of our people to realise the effects we seek to achieve: Always on. Always safe. Always Simple.

Job Purpose:

Trusted advisor to CCIB business and technology for identification and assessment of attack surface and priority threats.

Drive maturity, operating and design effectiveness, to ensure strategic decisions to optimise the risk profile for the business strategy.

Enable improved business effectiveness through coaching leading focused cross business and function squads.

The Role Responsibilities

Standard Chartered Bank is headquartered in London with operations in 50+ with two primary businesses:

Commercial, Corporate and Investment Banking (“CCIB”)

Consumer, Private and Business Banking (“CPBB”)

The CCIB business incorporates the Transaction Banking, Financial Markets, Security Services and Client Coverage businesses. The business has ambitious digitisation agenda and is looking to transform its businesses to be digital native organisation.

Banks are built on trust from the key stakeholder groups:

Clients: trust that they will safeguard client assets (money, securities and commercial data).

Governments & regulators: trust that they will provide capital for economies and businesses.

Shareholders: trust they will provide a better return on capital than other banks.

Communities: trust they will uphold their human rights build and uphold financial inclusion.

Trust is built on security:

Identification of the priority business risks that are integrated into business strategy and decision making.

Delivering best practice cybersecurity solutions and protecting data and privacy

Threat-led approach ensure a security posture that mitigates the priority business risks

Deliver efficiencies, continuous improvement, maximise risk reduction, resilience, policy and regulatory compliance.

The CCIB Information & Cyber Security Office is made up of thought leaders, who are accountable for the provision of a risk advisory services to continuously improve CCIB’s security posture against the evolving cyber security landscape.


Ensure secure by design principles are integrated across CCIB businesses.

Provide thought leadership, research and report on identification and measurement business attack surface and threats.

Partner with CCIB to ensure agreement on investment model to ensure the most efficient allocation to address inherent and residual risks.

Support the continuous improvement through process re-engineering, transformation, integration and exploitation to deliver optimised yet robust services to mitigate threats.

Drive strategic direction of ICS strategy to optimise attack surface; applications, people and processes.


Either through leveraging CCIB execution governance meetings and technology architecture meetings or through the establishment of relevant 1st / 2nd LOD working groups agree, co-ordinate and oversee implementation of integrated security requirements.

Collaborate with the CCIB and control service architecture teams to ensure strategic actions are aligned to CCIB business strategy.

Provide check and challenge on plans and deliverables; advise on gaps in coverage for CCIB risks and regulatory obligations, with recommendation on how to address these; highlight risk activities that are not aligned to risk or their cost of control.

Build strong relationship with both CCIB CIO team and CISO service providers.

People and Talent

Lead through example and build the appropriate culture and values. Set the appropriate tone and expectations for the team and work in collaboration with risk and control partners

Employ, engage and retain high quality people and establish an appropriate team structure and capacity plans

Set and monitor job descriptions and objectives for direct reports and provide feedback and recognition in line with their performance against those responsibilities and objectives

Risk Management

Drive appropriate coverage of CCIB inherent risk identification and assessment.

Advise businesses on evolving threat, industry trends and regulatory environment.

Work with ICS controls team to ensure testing and reporting supports CCIB business.

Promote socialisation of lessons learnt across CCIB


Maintain oversight of Risk Treatment actions, Root Cause Reviews and other remediation activities across CCIB

Produce quarterly update to CCIBRC on plan and execution progress

Regulatory & Business Conduct

Liaise with Internal Audit / Regulators as required

Display exemplary conduct and live by the Group’s Values and Code of Conduct

Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters

Key Stakeholders





Control Security Services MT

Security Technology Services MT

CCIB Business Control & Governance Leads

Internal / external audit

Our Ideal Candidate

Minimum 10 years of experience preferably in Investment Banking and Security Architecture & Controls

Detailed oriented, Strong deductive reasoning, critical thinking and problem solving skills;

Ability to work in a fast-paced team environment;

Proven ability to manage diverse stakeholder expectations;

Excellent oral/written communication skills for articulating thoughts clearly with stakeholders ranging from engineers to senior business management; and

Exceptional interpersonal, team building, mentoring and leadership skills with a demonstrated ability to gain the confidence and respect of senior level executives.

Good working knowledge in:

The threat and vulnerability landscape including malware, emerging threats, attacks and vulnerability management;

Security penetration testing and Red Team processes, technologies and industry frameworks (eg CREST);

Knowledge of tactics, techniques, and procedures that could be used for recon, persistence, lateral movement, and ex-filtration; and

Application, system and network exploitation or enumeration techniques utilized today ranging from injection, privilege escalation, buffer overflows, fuzzing, scanning.

Must understand typical threat actor profiles, the typical indicators associated with those profiles, and be able to synthesize the two to develop innovative techniques to detect threat actor activity;

Must demonstrate knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-state sponsored threat actors; and

Must be able to critically examine an organization and system through the perspective of a threat actor and articulate risk in clear, precise terms.


Basic experience in cloud security and a good understanding of DevSecOps principles including Continuous Integration/Continuous Deployment practices (CI/CD);

Bachelor Degree in Engineering, Computer Science/Information Technology or its equivalent; and

Industry certifications will be a plus e.g. CISSP, SANS GIAC, GPEN, OCSP, CREST certifications

Apply now to join the Bank for those with big career ambitions.

Closing on 30 Sep 2021

orview more job listings from this company